我正在尝试为 CORS 配置 Spring 以使用 Angular Web UI:我试过这个:@Configuration@ComponentScan("org.datalis.admin.config")public class AppConfig { @Bean public static PropertySourcesPlaceholderConfigurer propertyConfigurer() { PropertySourcesPlaceholderConfigurer conf = new PropertySourcesPlaceholderConfigurer(); conf.setLocation(new ClassPathResource("application.properties")); return conf; } @Bean public FilterRegistrationBean<CorsFilter> corsFilter() { UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); CorsConfiguration config = new CorsConfiguration(); config.setAllowCredentials(true); config.addAllowedOrigin("127.0.0.1"); config.addAllowedHeader("*"); config.addAllowedMethod("*"); source.registerCorsConfiguration("/**", config); FilterRegistrationBean<CorsFilter> bean = new FilterRegistrationBean<CorsFilter>(new CorsFilter(source)); bean.setOrder(0); return bean; }}带有 Angular FE 的 Apache 服务器与 Wildly 服务器在同一台服务器上运行,因此我为源配置了 127.0.0.1。但我仍然得到:Access to XMLHttpRequest at 'http://123.123.123.123:8080/api/oauth/token' from origin 'http://123.123.123.123' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status.auth:1 Failed to load resource: the server responded with a status of 404 (Not Found)你知道我该如何解决这个问题吗?
3 回答
森林海
TA贡献2011条经验 获得超2个赞
您允许的来源是 127.0.0.1,但您的客户端具有 ip 123.123.123.123。尝试改变这一点:
config.addAllowedOrigin("127.0.0.1");对此:
config.addAllowedOrigin("123.123.123.123");
呼啦一阵风
TA贡献1802条经验 获得超6个赞
您需要告诉Spring Security使用您创建的 CORS 配置。
在我的项目中,我Spring Security以这种方式配置:
@Override
protected void configure(HttpSecurity http) throws Exception
{
http
.authorizeRequests()
.antMatchers("/rest/protected/**")
.authenticated()
//Other spring sec configruation and then:
.and()
.cors()
.configurationSource(corsConfigurationSource())
}
在哪里corsConfigurationSource():
@Bean
CorsConfigurationSource corsConfigurationSource() {
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
boolean abilitaCors = new Boolean(env.getProperty("templating.oauth.enable.cors"));
if( abilitaCors )
{
if( logger.isWarnEnabled() )
{
logger.warn("CORS ABILITATI! Si assume ambiente di sviluppo");
}
CorsConfiguration configuration = new CorsConfiguration();
configuration.setAllowedOrigins(Arrays.asList("http://localhost:4200","http://localhost:8080", "http://localhost:8180"));
configuration.setAllowedMethods(Arrays.asList( RequestMethod.GET.name(),
RequestMethod.POST.name(),
RequestMethod.OPTIONS.name(),
RequestMethod.DELETE.name(),
RequestMethod.PUT.name()));
configuration.setExposedHeaders(Arrays.asList("x-auth-token", "x-requested-with", "x-xsrf-token"));
configuration.setAllowedHeaders(Arrays.asList("X-Auth-Token","x-auth-token", "x-requested-with", "x-xsrf-token"));
source.registerCorsConfiguration("/**", configuration);
}
return source;
}
MM们
TA贡献1886条经验 获得超2个赞
这是我@Configuration处理仅在开发环境中使用的 CORS 请求的工作班。
@Configuration
//@Profile(PROFILE_DEV)
public class CorsConfiguration {
@Bean
public WebMvcConfigurer corsConfigurer() {
return new WebMvcConfigurer() {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**")
.allowedOrigins("*")
.allowedHeaders("*")
.allowedMethods("*");
}
};
}
}
您还必须配置 Spring Security 以忽略HttpMethod.OPTIONS预检请求使用的(作为您提到的例外)
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
//...
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring()
//others if you need
.antMatchers(HttpMethod.OPTIONS, "/**");
}
@Override
public void configure(HttpSecurity http) throws Exception {
http
.csrf()
.disable()
.exceptionHandling()
.and()
.headers()
.frameOptions()
.disable()
.and()
.authorizeRequests()
.antMatchers("/api/register").permitAll()
.antMatchers("/api/activate").permitAll()
.antMatchers("/api/authenticate").permitAll()
.antMatchers("/api/**").authenticated();
}
}
因为当您使用 cors 时,您有触发一个简单请求和预检请求HttpMethod.OPTIONS
添加回答
举报
0/150
提交
取消